The German data protection authority (BfDI) has fined Vodafone GmbH, the telecommunications company’s German subsidiary, €45 million ($51.4 million) for privacy and security violations.
“Due to malicious employees in partner agencies who broker contracts to customers on behalf of Vodafone, there had been fraud cases due to fictitious contracts or contract changes at the expense of customers, among other things,” BfDI said on Thursday.
BfDI imposed a €15 million fine on Vodafone GmbH for failing to monitor partner agencies whose employees made unauthorized contract changes or tricked customers into signing fictitious contracts.
The British multinational telecommunications company was hit with a second €30 million fine for authentication vulnerabilities of its MeinVodafone (“My Vodafone”) and the company’s hotline, which allowed attackers to access customer eSIM profiles.
“Where data breaches take place, sanctions must be imposed. However, with my work, I also want to ensure that data breaches do not occur in the first place. Companies that want to comply with data protection law must be empowered to do so,” added Prof. Dr. Louisa Specht-Riemenschneider, the Federal Commissioner for Data Protection and Freedom of Information.
“I would like to point out that Vodafone has cooperated with me continuously and without restriction throughout the entire proceedings and has also disclosed circumstances that have incriminated the company.”
Vodafone has updated its processes and systems, replacing some of them to mitigate future risks. The company has also updated procedures for selecting and auditing partner agencies, and it has severed ties with partners linked to fraudulent activities.
The telecom giant has already paid the fines and donated several million euros to organizations that promote data protection, media literacy, and combating cyberbullying, the BfDI said.
Vodafone offers mobile and fixed services to over 330 million customers in 15 countries across Europe, Asia, Africa, and Oceania. Its financial technology businesses also serve nearly 83 million customers in seven African countries.
A Vodafone spokesperson was not immediately available for comment when contacted by BleepingComputer today.
Manual patching is outdated. It’s slow, error-prone, and tough to scale.
Join Kandji + Tines on June 4 to see why old methods fall short. See real-world examples of how modern teams use automation to patch faster, cut risk, stay compliant, and skip the complex scripts.
